commit 4e39cee7c2670c566dd05abc926f01aa8444e018
parent 1e7b988b795deff7e31c7a5c28a5c669b388fb3a
Author: lumidify <nobody@lumidify.org>
Date: Thu, 8 Sep 2022 13:40:00 +0200
Fix potential buffer overflow
Diffstat:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/search.c b/search.c
@@ -40,12 +40,12 @@ search_forward(ledit_view *view, size_t *line_ret, size_t *byte_ret) {
return SEARCH_NO_PATTERN;
size_t line = view->cur_line;
/* start one byte later so it doesn't get stuck on a match
- note: since the string ends with '\0', this is always valid */
+ note: in certain cases, this may not be a valid index */
size_t byte = view->cur_index + 1;
char *res;
ledit_line *lline = buffer_get_line(view->buffer, line);
buffer_normalize_line(lline);
- if ((res = strstr(lline->text + byte, last_search)) != NULL) {
+ if (byte < lline->len && (res = strstr(lline->text + byte, last_search)) != NULL) {
*line_ret = line;
*byte_ret = (size_t)(res - lline->text);
return SEARCH_NORMAL;
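Review bot: The rewritten comment above `size_t byte = view->cur_index + 1;` now says the index "may not be valid" but names neither the case nor the check that makes it safe, so a later edit could drop the `byte < lline->len` guard without noticing. I would word it as `/* start one byte later so it doesn't get stuck on a match; byte may be >= lline->len here, so it is bounds-checked before being added to lline->text */`. It also looks like the guard depends on being evaluated after `buffer_normalize_line(lline)`, presumably because `lline->text` is only contiguous and NUL-terminated from that point; if so, that ordering deserves a word in the comment too. The body of `search_forward` starts and ends outside this hunk, so any other `strstr(lline->text + offset, ...)` call in search.c that is not visible here should be checked for the same missing bound.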